io.github.bitgett/q402-mcp

Recommended path: skip this UI and run `q402_doctor` after install — it stores secrets in ~/.q402/mcp.env, which the server auto-loads. Fill this field directly ONLY if your MCP client manages secrets for you. Value is a Free Trial API key from https://q402.quackai.ai/event — BNB Chain only, 2,000 sponsored TXs, gas covered by Q402. BNB payments auto-route to this key when set (same rule for q402_pay and q402_batch_pay up to 5 recipients).

Recommended path: skip this UI and run `q402_doctor` after install — it stores secrets in ~/.q402/mcp.env, which the server auto-loads. Fill this field directly ONLY if your MCP client manages secrets for you. Value is a Paid Multichain API key from https://q402.quackai.ai/payment — full 10-chain support with per-chain Gas Tank. Auto-routed for non-BNB payments and whenever keyScope='multichain' is chosen.

Mode A — real EOA signing. Hex-encoded EVM private key (0x + 64 hex chars) of YOUR MetaMask wallet, used to sign payment authorizations LOCALLY on your machine. After your first payment that wallet shows as 'Smart account' in MetaMask (EIP-7702 delegation, reversible via q402_clear_delegation). Use a fresh wallet, not your main one. Skip this and pick Mode B (Q402_AGENTIC_PRIVATE_KEY) or Mode C (server-managed Agent Wallet) if you'd rather keep your MetaMask untouched. Recommended path: run q402_doctor after install — it stores secrets in ~/.q402/mcp.env, which the server auto-loads.

Mode B — local Agent Wallet signing. Hex-encoded EVM private key (0x + 64 hex chars) exported from your Agent Wallet at https://q402.quackai.ai/dashboard → Agent tab → Export. Signs LOCALLY just like Mode A, but the signer is your dedicated Agent Wallet — your MetaMask EOA is never touched. Pick this for AI-agent automation when you want a dedicated purse with per-tx + daily caps you set on the dashboard.

Live-mode switch. 0 = sandbox (test mode, no funds move — every q402_pay returns a fake hash). 1 = real on-chain payments. Default 1 since v0.5.11: safe because mode only flips to live when a live API key (q402_live_*) is set AND one of (a) a valid 32-byte private key for local signing modes, OR (b) walletMode="agentic-server" with Q402_MULTICHAIN_API_KEY for the server-managed Agent Wallet path. Without either combination, the server stays in sandbox regardless of this flag.

Per-call USD-equivalent cap. Any q402_pay request with amount above this is rejected before signing. Lower this if you want a tighter agent blast-radius; raise for treasury-grade transfers.

Optional comma-separated lowercase EVM addresses. When set, q402_pay rejects any recipient not on this allowlist.

Override for the Q402 relay endpoint. Defaults to https://q402.quackai.ai/api. Set explicitly when running against a self-hosted Q402 deployment or a non-canonical environment.

Server-managed Agent Wallet picker (walletMode='agentic-server' only). Lowercased agent wallet address (the hex 0x... shown on the Agent tab of your dashboard) selecting which of your Agent Wallets to spend from when you hold more than one (max 10 per owner). Omit to use the default wallet. Ignored for the local-signing modes that carry their own private key.

DEPRECATED legacy single-key env from pre-v0.5.0 installs. The server still reads it as a silent fallback so existing setups keep working, but new users should pick a scoped variant instead. Q402_TRIAL_API_KEY (Free Trial, BNB only) and Q402_MULTICHAIN_API_KEY (full 10-chain surface) are designed to coexist — BNB payments auto-route to the trial key, other chains use multichain. Only set Q402_API_KEY if you are migrating an existing pre-v0.5.0 install; do NOT set it alongside the scoped variants on a fresh install.

DEPRECATED soft-migration alias for Q402_AGENT_WALLET_ADDRESS (one release of overlap from v0.6.0). The server still accepts it but logs a deprecation notice. New installs should set Q402_AGENT_WALLET_ADDRESS directly.